anydev/anyway
0
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

move secrets to hashicorp, don't use match (wip)
Some checks failed
Build and deploy the backend to staging / Build and push image (pull_request) Successful in 1m41s
Details
Build and release debug APK / Build APK (pull_request) Failing after 4m46s
Details
Build and deploy the backend to staging / Deploy to staging (pull_request) Successful in 16s
Details

Browse Source
This commit is contained in:
Remy Moll
2024-12-14 16:39:27 +01:00
parent 4a542a4a1f
commit cbada7e4a4
6 changed files with 115 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
frontend/.github/workflows/build_app_android.yaml vendored
View File

@@ -39,11 +39,23 @@ jobs:
# remove the 'v' prefix from the tag name
echo "BUILD_NAME=${REF_NAME//v}" >> $GITHUB_ENV
- name: Load secrets from github
- name: Load secrets
id: load-secrets
uses: hashicorp/vault-action@v3
with:
url: https://api.hashicorp.com
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
secret/release GOOGLE_MAPS_API_KEY | GOOGLE_MAPS_API_KEY ;
secret/release ANDROID_SECRET_PROPERTIES_BASE64 | ANDROID_SECRET_PROPERTIES_BASE64 ;
secret/release ANDROID_GOOGLE_PLAY_JSON_BASE64 | ANDROID_GOOGLE_PLAY_JSON_BASE64 ;
secret/release ANDROID_KEYSTORE_BASE64 | ANDROID_KEYSTORE_BASE64 ;
- name: Put selected secrets into files
run: |
echo "${{ secrets.ANDROID_SECRET_PROPERTIES_BASE64 }}" | base64 -d > secrets.properties
echo "${{ secrets.ANDROID_GOOGLE_PLAY_JSON_BASE64 }}" | base64 -d > google-key.json
echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 -d > release.keystore
echo "${{ steps.load-secrets.outputs.ANDROID_SECRET_PROPERTIES_BASE64 }}" | base64 -d > secrets.properties
echo "${{ steps.load-secrets.outputs.ANDROID_GOOGLE_PLAY_JSON_BASE64 }}" | base64 -d > google-key.json
echo "${{ steps.load-secrets.outputs.ANDROID_KEYSTORE_BASE64 }}" | base64 -d > release.keystore
working-directory: android
- name: Install fastlane
@@ -56,4 +68,4 @@ jobs:
env:
BUILD_NUMBER: ${{ github.run_number }}
# BUILD_NAME is implicitly available
GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }}
GOOGLE_MAPS_API_KEY: ${{ steps.load-secrets.outputs.GOOGLE_MAPS_API_KEY }}

25
frontend/.github/workflows/build_app_ios.yaml vendored
View File

@@ -30,12 +30,17 @@ jobs:
# remove the 'v' prefix from the tag name
echo "BUILD_NAME=${REF_NAME//v}" >> $GITHUB_ENV
- name: Load secrets from github
run: |
echo "${{ secrets.IOS_SECRET_PROPERTIES_BASE64 }}" | base64 -d > secrets.properties
echo "${{ secrets.IOS_GOOGLE_PLAY_JSON_BASE64 }}" | base64 -d > google-key.json
echo "${{ secrets.IOS_KEYSTORE_BASE64 }}" | base64 -d > release.keystore
working-directory: ios
- name: Load secrets
id: load-secrets
uses: hashicorp/vault-action@v3
with:
url: https://api.hashicorp.com
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
secret/release GOOGLE_MAPS_API_KEY | GOOGLE_MAPS_API_KEY ;
secret/release IOS_ASC_KEY_ID | IOS_ASC_KEY_ID ;
secret/release IOS_ASC_ISSUER_ID | IOS_ASC_ISSUER_ID ;
secret/release IOS_ASC_KEY_P8 | IOS_ASC_KEY_P8 ;
- name: Install fastlane
run: bundle install
@@ -47,7 +52,7 @@ jobs:
env:
BUILD_NUMBER: ${{ github.run_number }}
# BUILD_NAME is implicitly available
GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }}
IOS_ASC_KEY_ID: ${{ secrets.IOS_ASC_KEY_ID }}
IOS_ASC_ISSUER_ID: ${{ secrets.IOS_ASC_ISSUER_ID }}
IOS_ASC_KEY_P8: ${{ secrets.IOS_ASC_KEY_P8 }}
GOOGLE_MAPS_API_KEY: ${{ steps.load-secrets.outputs.GOOGLE_MAPS_API_KEY }}
IOS_ASC_KEY_ID: ${{ GOOGLE_MAPS_API_KEY.IOS_ASC_KEY_ID }}
IOS_ASC_ISSUER_ID: ${{ GOOGLE_MAPS_API_KEY.IOS_ASC_ISSUER_ID }}
IOS_ASC_KEY_P8: ${{ GOOGLE_MAPS_API_KEY.IOS_ASC_KEY_P8 }}